Carbon Black Cloud: Why Does the Alert Severity in the Console Not Match the Alert Severity in the SIEM?

Environment

  • Carbon Black Cloud Console: All Versions


Question

Why does the Alert severity in the console not match the severity for the same Alerts sent to the SIEM?


Answer

  • The Alert severity in the console can change as new events are added to the Alert.
  • If the Alert severity changes, the new severity is not sent to the SIEM.

Additional Notes

  • This is currently as designed. To request a change to this behavior, submit a feature request.
  • This behavior also means that any new events added to the Alert are not sent once the SIEM has pulled the related events the first time.
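Because the SIEM copy is not updated, a periodic comparison against the console's current values is one way to find alerts that were triaged at a stale severity. The sketch below is an added example, not Carbon Black code: the field names `id`, `severity` and `event_count`, the `triage_threshold` parameter and the sample records are assumptions constructed for illustration.

```python
import json

# Constructed sample data; the field names "id", "severity" and "event_count"
# are assumptions for this example, not the Carbon Black Cloud schema.
SIEM_ALERTS = json.loads("""[
  {"id": "A-1001", "severity": 3, "event_count": 2},
  {"id": "A-1002", "severity": 5, "event_count": 1},
  {"id": "A-1003", "severity": 7, "event_count": 4}
]""")
CONSOLE_ALERTS = json.loads("""[
  {"id": "A-1001", "severity": 8, "event_count": 9},
  {"id": "A-1002", "severity": 5, "event_count": 1},
  {"id": "A-1003", "severity": 7, "event_count": 6},
  {"id": "A-1004", "severity": 4, "event_count": 1}
]""")


def find_drift(siem_alerts, console_alerts, triage_threshold=7):
    """Return one finding per alert whose SIEM copy lags the console."""
    siem_by_id = {a["id"]: a for a in siem_alerts}
    findings = []
    for current in console_alerts:
        stale = siem_by_id.get(current["id"])
        if stale is None:
            continue  # not forwarded yet, so there is nothing to compare
        sev_changed = current["severity"] != stale["severity"]
        missing_events = max(0, current["event_count"] - stale["event_count"])
        if not (sev_changed or missing_events):
            continue
        findings.append({
            "id": current["id"],
            "siem_severity": stale["severity"],
            "console_severity": current["severity"],
            "missing_events": missing_events,
            # True when the SIEM value sat below the (hypothetical) triage
            # threshold but the console value has since reached it.
            "under_triaged": stale["severity"] < triage_threshold <= current["severity"],
        })
    # Alerts that crossed the threshold first, then the largest severity gap.
    findings.sort(key=lambda f: (not f["under_triaged"],
                                 f["siem_severity"] - f["console_severity"]))
    return findings


if __name__ == "__main__":
    for finding in find_drift(SIEM_ALERTS, CONSOLE_ALERTS):
        print(finding)
```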

Creation Date: 09-09-2020